package com.batsoft.trade.api.core.shiro;

import com.batsoft.trade.api.common.model.ResultCode;
import com.gomyb.utils.WriteUtils;
import lombok.extern.log4j.Log4j2;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @author <a href="mailto:hellohesir@gmail.com">Mr_He</a>
 * 权限验证
 */
@Log4j2
public class MyAuthFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse rep, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) rep;
        if (request.getMethod().toUpperCase().equals("OPTIONS")) {
            chain.doFilter(req, rep);
            return;
        }
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            // 权限校验


        }
        WriteUtils.writeNO(request, response, ResultCode.NO_PERMISSION);
    }

    @Override
    public void destroy() {

    }
}
